Quoting Russ Allbery (rra@debian.org):
> Celejar <celejar@gmail.com> writes:
>
> > Just curious; anyone can forget a user account, but how did the
> > attacker get root?
>
> There are a *lot* more privilege escalation attacks than there are remote
> exploits. Just in the Linux kernel, a new one seems to show up every six
> months or so.

Moen's First Law of Security ("It's easier to break in from the inside.")
http://linuxmafia.com/~rick/lexicon.html#moenslaw-security1

It's always worthwhile to audit one's system (on an _ongoing_ basis, as
Russ suggests) for local weaknesses that allow privilege escalation,
and especially for the ones that make it _easy_.

It's a fact that most people's machines are cracked by canned 'sploits
run via automated scripts by kiddies who don't even understand their
tools -- which is a pretty ignominious thing to happen. Don't let it
happen to you.

And this is _another_ reason why a properly targeted file-based IDS is
a really capital idea -- as is alertness about what is and is not
aberrant system behaviour. I can even make this point in a
Debian-relevant way. All hail to the Debian Project's sysadmins, who
in November 2003 showed everyone how to do it right:
http://linuxgazette.net/issue98/moen.html

--
Cheers,
Rick Moen
rick@linuxmafia.com

English is essentially a text parser's way of getting faster processors built.
    -- John M. Ford, http://ccil.org/~cowan/essential.html